Odisha Crime Branch in control of ransomware attack probe


BHUBANESWAR: The Crime Branch of Odisha Police on Wednesday took over the investigation of the ransomware attack at Berhampur City Hospital.

A three-member team of the Cyber Crime Police Station of the Crime Branch will begin its probe based on the FIR registered by the ADMO (Medical) of Berhampur under Sections 65/66 of the Information Technology Act and Section 385 of the Indian Penal Code.

Special DG, Crime, BK Sharma said the attack encrypted data of the e-Aushadhi portal and the Hospital Information Management System (HIMS).

He said the attack took place on May 13 and the systems were formatted by the hospital authorities.

Meanwhile, the WannaCry attack, which was reported first at the City Hospital and then at Purushottampur CHC, jolted the State Government out of its slumber, and it swung into action to take stock of the crisis.

Minister of State for Electronics and Information Technology (IT) Chandrasarathi Behera held a video conference with Collectors and asked them to make an assessment of the computer systems and networks in the districts.

The Collectors have been asked to evaluate computer systems, operating software, the status of anti-virus programmes and other cyber security measures put in place. Another round of stock-taking will be carried out in two days' time.

Since older versions of Windows operating software such as XP, Vista, 2003 and 2008 are more vulnerable to such advanced malware attacks, the Government is trying to ensure that the systems are upgraded on time.

In fact, the WannaCry attacks exposed the delayed reaction of the IT Department, which woke up to the problem only on Tuesday although the first wave of hackings took place on Saturday.

Investigation by Berhampur Police showed that the attacks on the health management system of the City Hospital took place on May 13. Of the 11 computers, two were hit at about 11 am on Saturday itself.

There are 11 computers in City Hospital, and all the systems are located at different places. The systems were found to be independent of each other, while 10 have independent Internet connections. Besides, there is neither any intranet connection nor any local area network (LAN) connection among the systems.

Although each computer has one authorised user who accesses it through the system password, in practice a few computers are accessed by more than one person during daily use. There is no browsing or Internet firewall installed on any computer, which is why porn or any other site can be accessed without any hindrance.

The preliminary investigation found that all 11 computers are running a licensed version of the Windows 7 Professional OS. Six have Internet through OTEL and four use BSNL, but when a connection is down, the service is used interchangeably.

The first system attack was detected on May 13 by Pratap Chandra Gowda, who saw flashing on his home screen in place of the screensaver. When he rebooted, he got a message seeking $300 in bitcoins along with details of where the ransom had to be deposited. Though the deadline was initially said to be May 16, it was postponed to May 20. The ransom was raised to $600. On the advice of the data manager, the system was formatted.

Wake-up call for Govt
● A 3-member team of the Cyber Crime Police Station of the Crime Branch will begin its probe based on the FIR of the ADMO (Medical) of Berhampur
● IT Minister holds a video conference with Collectors and asks them to make an assessment of computer systems and networks in districts
● WannaCry attacks exposed the delayed reaction of the IT Department, which woke up to the problem only on Tuesday although the first wave of hackings took place on Saturday
● Another round of stock-taking will be carried out in two days' time and the Govt is trying to ensure that the systems are upgraded on time